The Security Week That Was: 12/07/07

Our Malls: Protected or Not?

Far and away the most compelling security story of the week was the shooting incident at the Westroads mall in Omaha, Neb., on Wednesday. It's the kind of incident that we pay close attention to, because from a security posture, a mall will always be wide open for threats. First off, you have a busy location with a high concentration of people. You add in the fact that there is almost no access control in place for shoppers/visitors.

Secondly, you have a strong influx of shoppers and employees for the holidays, and most employees (having been one myself way back when) aren't given much (if any) training on security or what to do in the case of a violent incident. Really, that's no surprise considering many of them are high school and college students making a little extra money for the holidays, and will probably be gone in January.

On top of that add that the security presence is typically contract officers and that many of these mall/retail security contracts go to the lowest bidder. Also consider the fact that most, or perhaps all, mall security officers are unarmed. Add on something else: Many mall security staffs (the potential first responders) don't have direct lines of communications with store employees and store security staffs in the case of an incident.

In the Salt Lake mall shooting about a year ago, everyone counted their blessings that an armed police officer happened to be shopping and was able to take down the officer. In Wednesday's incident, the report indicates that mall security did identify suspicious behavior from the gunman, however, I have to ask -- if we don't have armed officers (security officers, or maybe a local police substation in-house), what's the point of being able to identify suspicious persons? Police aren't going to roll SWAT because of an odd kid who may or may not be casing his scene of terror.

Fortunately, these retail mass shooting incidents are rare, but rare or not, they still happen. There was some level of good news; one report indicated that the Old Navy store in the mall was able to "lockdown" with employees and customers in a backroom. At least some security best practices are getting through.

Mall security expert Jon Lusher (IPC International) shared his thoughts on mall security with SIW in a Q&A; read it here.

Catching a Bot Herder
Young man in New Zealand suspected of controlling one of world's biggest botnets

A "bot herder" -- a.k.a., the ringleader of a botnet -- was arrested in New Zealand. The young man is considered to have been the chief controller of one of the most nefarious organized computer crime rings.

If you're unaware of what a botnet is, keep in mind that this has become a new focus of the FBI. Bots are basically computers which have been infected and which can be remotely controlled. Almost always, the computer's owner will have no clue that their computer has been taken over. Groups of bots are known as botnets, and it's a "power in numbers" kind of game for these criminals. Typically, the botnets are used for implementing denial of service (DoS) attacks, which can take a website or a corporate network down by flooding it with traffic. While a decade ago, a botnet might have been used for simple hacker one-upmanship, today the botnets have reportedly even become an extension of organized crime.

More news in the industry
Ingersoll Rand's new exec; fingerprint to lead biometrics at banks; research on data security; more

Ingersoll Rand Security Technologies has hired a new president for its commercial technologies division in the Americas. The man in charge there will be Tim Eckersley, a former Nokia executive. ... Research underwritten by computer theft recovery company Absolute Software points to common weaknesses in corporate data protection and computer security. ... Researchers for Frost & Sullivan are convinced that the fingerprint will be the rule of thumb for biometric applications in the financial/banking market. ... A parcel bomb exploded at a law office in Paris, killing one, and underscoring the need for security in the mail room.

In the Forums this week
DVR input wanted, wireless security thoughts

• New member seeks input regarding pros/cons of a Sanyo DVR (see thread)
• Integrator points out security concerns for wireless connectivity (see thread)

Finally, our most read stories of the week: